oss-sec mailing list archives
CVE Request -- OpenDCHub v0.8.1 -- Stack overflow by handling a specially-crafted MyINFO message
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Sat, 03 Apr 2010 11:23:40 +0200
Hi Steve, vendors (based on http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576308) Pierre Nogues found a stack overflow flaw, in the way Open DC Hub sanitized content of user's MyINFO message. Remote attacker, with valid Open DC Hub account, could send a specially-crafted MyINFO message to another user / all users connected to particular Direct Connect network, leading into denial of service (opendchub crash) or, potentially, to arbitrary code execution with the privileges of the user running opendchub. References: [1] http://www.indahax.com/exploits/opendchub-0-8-1-remote-code-execution-exploit#more-600 [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576308 [3] https://bugzilla.redhat.com/show_bug.cgi?id=579206 Could you allocate a CVE id for this? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- OpenDCHub v0.8.1 -- Stack overflow by handling a specially-crafted MyINFO message Jan Lieskovsky (Apr 03)